Security Now 334

Security Now 334: Your Questions, Steve's Answers #134

News & Errata

  • Next week is the Consumer Electronics Show
  • Next Security Now moved to Monday January 9, 2012 because of CES.
  • Microsoft releases an out-of-cycle patch fixing problems with hashing algorithms in many server-side platforms (Oracle's Java and GlassFish, Microsoft's ASP.NET system, Python, Ruby, PHP both versions 4 and 5, Apache's Tomcat and Geronimo, Jetty, Plone, CRuby, JRuby, Rubinius, and the v8 JavaScript engine), which allow a person who deliberately creates hash collisions to easily saturate a system's processing abilities. With this vulnerability, a single person using just 70 to 100 kbits of connection bandwidth could completely saturate a server using an Intel i7 core processor. They also showed that hours of CPU time can be consumed by a single HTTP POST request made this way.
  • Vulnerability found in VLC Player with the TiVo (.ty) file format; version 1.1.13 fixes the problem, and deleting the libty_plugin.* files will also resolve the problem.
  • The Ninth U.S. Circuit Court of Appeals has upheld the constitutionality of 2008's FISA, the Foreign Intelligence Surveillance Act
  • National Defence Act signed into law, allowing detainment indefinitely without warrant
  • RPN regarded as "Yoda Speak".
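
The collision cost described in the hashing item above, as an added example that is not from the show or from any vendor's patch: a toy chained hash table with an unkeyed hash does quadratic work on colliding keys, while a per-process keyed hash or a per-request parameter cap bounds it. The byte-sum hash, `load_parameters` and `max_params` are illustrative assumptions, not code from any of the listed platforms.

```python
import hashlib
import os
from itertools import islice, permutations


class ChainedTable:
    """Separate-chaining hash table that counts key comparisons on insert."""

    def __init__(self, hash_fn, buckets=1024):
        self.hash_fn = hash_fn
        self.buckets = [[] for _ in range(buckets)]
        self.comparisons = 0

    def insert(self, key, value):
        chain = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for i, (existing, _) in enumerate(chain):
            self.comparisons += 1  # one string compare per chained entry
            if existing == key:
                chain[i] = (key, value)
                return
        chain.append((key, value))

    def longest_chain(self):
        return max(len(chain) for chain in self.buckets)


def weak_hash(key):
    """Toy unkeyed hash (sum of bytes). Its output is predictable to anyone."""
    return sum(key.encode())


def make_keyed_hash(secret):
    """Keyed hash: bucket placement depends on a secret the client never sees."""
    def keyed(key):
        digest = hashlib.blake2b(key.encode(), key=secret, digest_size=8).digest()
        return int.from_bytes(digest, "big")
    return keyed


def constructed_colliding_keys(count):
    """Constructed sample input: permutations of one string share a byte sum."""
    return ["".join(p) for p in islice(permutations("abcdefgh"), count)]


def load_parameters(keys, hash_fn, max_params=None):
    """Insert parameter names into a table; return (comparisons, longest chain).

    max_params is a hypothetical per-request cap, the second mitigation shown.
    """
    if max_params is not None and len(keys) > max_params:
        raise ValueError("request rejected: too many parameters")
    table = ChainedTable(hash_fn)
    for key in keys:
        table.insert(key, "x")
    return table.comparisons, table.longest_chain()


if __name__ == "__main__":
    keys = constructed_colliding_keys(2000)
    # Unkeyed: every key lands in one bucket, so work grows as n*(n-1)/2.
    print("unkeyed:", load_parameters(keys, weak_hash))
    # Keyed with a fresh per-process secret: the same keys spread out.
    print("keyed:  ", load_parameters(keys, make_keyed_hash(os.urandom(16))))
```

Doubling the number of colliding keys roughly quadruples the comparison count in the unkeyed case, which is why a small request body can translate into a large CPU bill.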

SpinRite Story - David Goldenberg

"Hi, Steve and friends. I've been a happy owner of SpinRite for a few years now, and it's my secret weapon in the technology trenches. I'm the family tech guy. I help out at my kids' school and have my own part-time business fixing PCs, training, and networking. SpinRite is always within reach and never lets me down. Last week, I had been preparing a laptop for a presentation for my ARES amateur radio group. I volunteered to get a new program, NBEMS, which is the Narrow Band Emergency Messaging Software, running that sends text messages and email-type communications over the radio. After several days I had everything working great and spent hours getting screenshots for the PowerPoint I was to prepare. One morning I went to start up the laptop. As I was getting together with another ham to go over what I had and to get his machine working, I started up my laptop and got the dreaded BSOD and an unmountable boot volume error. I did not break a sweat or even worry as I knew from experience that SpinRite would save the day. And needless to say, two hours later, the drive was scanned, several sectors were repaired, and the laptop booted, and everything I needed was ready to go. You're great, and so is SpinRite. Thanks. David Goldenberg, KJ6MCQ."

Questions & Answers

Question: [ 01 ] - Dean Severson

SOPA, MPAA, RIAA. As a geek around the Christmas table, I get the same questions as other geeks. Lots of the answers, which should be straightforward tech answers, really revolve around the battle with lobbyists. I tried explaining all this SOPA stuff to my friends and family. I get lots of blank stares: "What is he ranting about this time?" Is there a quick-read link you could send us to help the layperson understand what we're getting at when we try to explain these totally inexplicable issues? Thanks. Listener since Episode 1.

Steve: Yeah. In general, I don't know of anything. But for SOPA there is a bunch of good stuff at the EFF, not surprisingly. They're on top of these sorts of censorship and privacy concerns and so forth. And when I saw Dean's question, I just went, and their search system allows you, over on the left-hand side, to specify categories. And so I just chose the blog that they have and searched for the acronym "SOPA" within their blog. And it immediately found some very nice and written - I guess I wouldn't say to Dean that this is maybe for his family and friends, but it's definitely for him - that would give him a sort of a nice-looking sense for a way to describe these issues. So certainly the EFF is where I would go for things like SOPA that are lobby-based and privacy and censorship concerns.

Leo: There is a website dedicated specifically to SOPA and PIPA, the two bills that are in front of Congress right now. It's, and they do have an infographic on this site that's very easy to understand, and videos you can embed, that you can show people or send people. There's a really simple video that you can email or download. There's a very nice infographic that talks about the number of people who participated in American Censorship Day. 6,000 people signed up. A million emails to Congress. You know, we kind of won that battle. I think a lot of the people who supported SOPA, including GoDaddy and others, realized this was something that the Internet did not want. But the battle is far from over. They will be back again and again and again to try to break the Internet because the Internet fundamentally, to the Motion Picture Association and the recording industry, is a threat. They see the Internet and computers as piracy tools, not as anything else. And in order to preserve their business model, they want to literally break the Internet because they see it as dangerous. And we don't want them to break the Internet. We want them to change their business model to suit modern times. We can't go back to the 1950s, sorry.

Question: [ 02 ] - Mark Cykowski

Steve, long-time listener to your Security Now! podcast. A few weeks ago you mentioned you returned your Kindle Fires in part because the on/off button got in the way, and you'd accidentally turn it off while holding it. It's right at the bottom there. And if you hold it - I don't hold it that way. I hold it on the edges. But it's true, it's too easy to switch. I agree. I was having the same difficulties until I found a solution. I just turn the Kindle around. Because the Kindle rotates, and the on/off button then is at the top. No, I didn't think of that. No more accidentally turning the screen off. The only problem I've seen is that the opening screen and the shutdown screen messages are upside down. But I could live with that. I'm not having any of the problems you mentioned. And you may want to take another look at the Kindle Fire. I don't know if that's a solution. Thanks to you and Leo for all the great podcasts. Sincerely, Mark.
The Kindle screen rotates easily. It also occurred to me since then that, if you had any sort of a case around it, and I would imagine everyone who gets a Kindle, I mean, it's fragile. In the same way that you're going to put some sort of a bumper case on your smartphone, I would imagine you would do that with a Kindle. And unless they exacerbate the problem by putting a big rubber bump there to sort of, like, make pushing the button easy, that might end up recessing the button so that, if they just had like a hole through the case, then you'd be pushing in in order to get to it. So that could solve the problem. I did want to mention, though, that I did get another Kindle. A Kindle Fire. I got a Fire because I thought, well, first of all, it's so inexpensive, it's hard not to have one; and that I ought to have it in order to play with it and get to know it and see what I think. And now my complaint is that the aspect ratio is wrong for reading. It's right for widescreen movies, which is the reason it is widescreen. But I just don't like reading in a long column or in a really wide screen with very few lines. So it's like, eh, I just - I don't - I think they - I'm not a fan of the Fire. But I do have one.

Question: [ 03 ] - Joshua Gardner

A quick note, I switched to Chrome for a bit because I could not handle Firefox's memory management leakage, which we've talked about several times before on the show. He says: 2.8GB of RAM usage with 30 tabs open. My poor laptop only has 4GB of RAM, so Firefox would constantly cause the hard drive to be running because it would have to swap things back and forth. However, I couldn't handle not having tree-style tabs, which you've recommended, the side tabs. So I returned to Firefox - because it's an extension for Firefox. Over the last week I've had Firefox open probably 10 days it's been open with 30 tabs open all this time. And my current RAM usage is 200MB in the most recent version, 9.01. If you have a spare machine sitting around, you might want to run the current version with a few tabs open for a night or two, see if you get better results. I know you aren't a latest version kind of guy. Neither am I, in some cases. But in this case I think the benefit is there. Speaking of which, what is with this new trend to get rid of the menu bar in software? That File, Edit, View, Tools, et cetera? I first saw it in MS Office. Yeah, they're using that ribbon thing now. That's their thing. And I'm seeing it in browsers. Now, yeah, they were talking about putting ribbons on Firefox. I don't - did they? And now a few other utilities I've seen have been updating in this direction. For the record, I don't like it. Thanks for the show and all you do. Josh in San Antonio, Texas.

Okay. So a couple things to note here. First of all, the phrase "My poor laptop only has 4GB of RAM." Okay, what is wrong with that picture? 4GB. I mean, mine do, too, Josh. I'm not poking fun at you. I'm just saying our world has exploded. It's just, I mean, 4 billion. Billion. 4 billion bytes of RAM. Oh, my goodness, it's wrong. It's very wrong. So I also wanted to note, he mentioned v9.01 and wanted to make sure people knew that 9 was quickly replaced after its first day on the planet. But I noted something else just today. And that is, Mozilla is having problems - speaking of not having enough RAM - Mozilla is having problems because they are no longer able to build Firefox (Slashdot thread). They are having to back out of features because it will no longer build. They ran across a problem building in Windows, and so they added the /3gb switch. They can't compile it. The Apple II could go to 64K, and so they were going to go to 640K. Well, then they realized, okay, that's not such a good idea. We need more than that. So they went to a 32-bit platform. So they said, okay, 32 bits, come on, that's 4 billion bytes. We're never going to need anything close to that. So they arbitrarily divided the memory in half because why not? Neither half would ever get near full. So 2GB for the OS, 2GB for the applications. All the applications. Because, again, applications, how big could they be? So at some point Mozilla hit their head on the 2GB size. And so they added what's called the /3gb switch, which is something you can add to the boot.ini file in Windows that moves that 2GB fence that divides the OS and the applications from the 2GB point up to 3GB. So the OS is squeezed down to 1, and that gives applications 3GB of space. Well, that's been hit now, too.
So I was reading some of the developer blog comments in the forum apologizing for a couple people who were not on the email routing list because their code had been removed, and they weren't notified, because Firefox can no longer be compiled. It is just a travesty. It's just, like, okay, guys, come on. This is just getting too big. And as you said, it needs to be started over. What they're going to end up having to do, apparently, and this is a big problem for them, they're going to have to switch to 64-bit OS builds to build the 32-bit version. And that's going to be, I mean, they're just - it's going to take them a while to do. But it just means we're talking about bloat with no end. So, Josh, thank you for telling me that 9 seems to have solved this problem. I'm still happily on 3.6 right now. And at the rate those guys are going with Firefox, I mean, we do know that they're projected to have 12 ready at the end of April. Maybe this is going to throw a little kink in their calendar, since they can't compile it any longer. Ugh.

Question: [ 04 ] - Jerry

After experiencing a hard drive failure many years ago I purchased SpinRite, now use it on a regular basis. I've never experienced a hard drive failure since. Here's my problem. I'm going to be purchasing a new computer, and I am torn on whether to get an SSD or an HDD. I want an SSD because of fast boot, fast startup of applications, silent operation, and SSDs generate less heat than HDDs. The two weaknesses of SSDs that give me major pause are no SpinRite support, and various issues concerning the successful implementation of full-disk encryption. So, Steve, what kind of disk are you purchasing for your new computers nowadays, and what are your comments, insights, recommendations on this dilemma I'm facing? Thanks.

Yeah. I don't have any spinning media in any laptops. And I've got a bunch of laptops. My feeling is that's a place, just due to the delicacy of those 2.5-inch small laptop-style drives, that really scares me. So, that is, in terms of it's just - it's easy for the laptop to get bounced by mistake. You turn it off and shut it down. I mean, knowing what's going on in there, that this amazingly delicate little and ridiculously dense data stored on these little spinning platters, the heads are still flying, I, like, have to sort of sit there and wait until I'm sure that it's all stopped spinning and the heads have landed. And even then, you really do need to be careful with laptops. All of the experiences that the original hard drive iPod users had of their iPods dying is similar to what happens with laptops. And with laptops being so popular, it's just a problem. So I do have large spinning hard drives in most of my big machines. But one of the first things I do is to take out the hard drive and exchange it with a solid-state drive for my laptops. I like my little Mac Air because it's just 64GB of solid state, and it just - it feels right to me that this thing I don't have to worry about. And the iPad is the same, for the same reason, that it's just - it's solid-state storage. It is just - that's not going to go wrong. But you're right, Leo, price is a concern. And of course, for me, wear is a concern over on the SSD side. We've talked about how SSDs, the current technology does get fatigued when you write to it because essentially you're squirting electrons through an insulator to strand them out on a little piece of conductive island. And that electron tunneling, squirting the electrons through, essentially you're breaking down an insulator, forcing it to allow a charge to pass through. Well, that fatigues it. It actually does wear it a little bit. So I'm in the process of building up a new server for GRC. It'll end up becoming and and all that. 
It'll be GRC's new main server. And I've decided it's going to be SSD. But I did a couple things. I got highly over-provisioned SSDs. They have 28 percent over-provisioning so that the SSD has that much spare space which is available to be swapped in as it detects problems evolving. And it's in a RAID 6. So not only am I using the best, highest quality - and these are all - these are not MLC, by the way. These are all SLC. That's the other thing I do. And it is really expensive to go SLC. But single-level storage is much more reliable than multi-level storage. Much more expensive because you're only able to store one bit in each cell rather than two or three or in some cases four bits. So it means that the technology is less dense, thus the SSD is much more expensive. But the reason is it's faster and it's more reliable. And so in addition to that, I'm not only using SSDs that are over-provisioned, but RAID 6, which means that essentially I have a four-drive RAID 6 array. So any two drives could fail, and the entire system still runs.

Question: [ 05 ] - Jared

Regarding the referrer header for a browser, Safari in this example, why are the headers grouped as they are? For example, some websites can work just fine on the iPad 2 with its larger screen area, 1024x768, same as many laptops. Gmail works great with full-blown navigation. But instead the website says, oh, you're on an iPad, I'm going to take you to the mobile domain. Based on this, it appears the referrer header is grouped so that iPhone, iPad, Mozilla are all grouped as one. My thinking is, since iPhone/iPad are on the same line from the website's perspective, it's still a mobile browser, regardless as to whether it's capable of displaying a full-blown page or not, thereby eliminating user experience. While it's true some websites do give you a link to navigate to their full website, others don't. Is this a limitation of the referrer header somewhere in the chain? I don't mind the m. sites on an iPhone, as it is mobile suited, but an iPad? Is there any resolution, apart from using a desktop browser or hoping the web developer has linked you to their full-blown version?

So as you spotted, Leo, Jared's a little confused. It's not the referrer header, it's the user agent header. The user agent header has been around since the beginning. And we've discussed it in the past because it can also be a little bit of a privacy concern. Add-on things that you incorporate in your browser, like accessory packages or libraries that the browser has, can all tack their own version numbers onto the user agent so that every query your browser makes announces that this is the user agent that is sort of the client, the browser client, that is making the query. The logic, the concept was in the beginning that, if some user agents, for example, well, like really old ones would have been text only. They didn't handle graphics. So the server could see what was making the query and then serve different content depending upon the requirements. It used to be that the user agent would also contain and state the resolution of the user's screen. Presumably, similarly, the server could then return content suited for the resolution. Now, the reason Jared's question caught my eye is that I, too, and maybe you, too, Leo, have been annoyed when, for example, using an iPad, I'm given a much feature-stripped website which just doesn't do the same thing. And in fact, I have two different tokens registered for PayPal. I've got my original football, and I also have on my - I've got the VeriSign VIP on my BlackBerry, so that I'm able to use either. Well, what that means is that, when I'm using PayPal, and I log in, and they want my one-time password, they take me to a dropdown box where I choose which one. The problem is, the mobile version of PayPal doesn't offer that. So I'm unable to pay with my iPad because PayPal sees that I'm using an iPad, gives me their mobile version that doesn't offer me the option of specifying which one of the tokens I want to use. So it's like, argh, you know.

Leo: But that's not - it has nothing to do with how the browser's identifying itself. The browser's identifying itself. It's the website that's deciding what to do with the identification. So go to the - complain to the website, not to, I mean, it has nothing to do with the browser's agent string. The browser should always say what it is.

Question: [ 06 ] - Chris Wronski

In Episode 332 you talked about alternative readers for PDF documents. I wonder if you and Leo would share your favorite choices?

Steve: Well, now, I have to defer to you, Leo, because I purchased years ago a bunch of copies of, I'm not proud to say it, but Adobe's Acrobat, the full Acrobat system, the whole document preparation system and all that, which I've been moving forward and upgrading over time. So it incorporates along with it a plug-in for reading. And so I've got literally Acrobat Reader as opposed to just the regular PDF reader. So I haven't had to go looking for other stuff. So unfortunately I'm not a good resource for this. But I know that you are.

Leo: Oh, well, in some ways I'm not because on Macs of course you've got built-in software. And there are third-party programs, like one of our sponsors, Smile Software, makes PDF Pen that lets you make them editable, fill out forms and stuff like that. So I have a series of tools that I use on the Mac, and I don't need anything from Adobe. And I'm very careful not to download anything from Adobe on the Mac. On the Windows side I use Foxit, which I like a lot. They make a distiller as well as reader. There's a free reader, but I pay for Foxit Phantom, which is the full thing. A lot of people like Cute PDF. Which is another really good one. There's one, I think it's free, called Nitro, that a lot of - so readers should be free. A viewer should be free because it's not creating PDFs. So Foxit Reader is free. Actually Chrome will read a PDF.

Question: [ 07 ] - Peter

Leo: Peter in Sydney, Australia solves the "unplug your phone once charged" mystery. Oh, we were talking about this.
Steve: And this actually is the one I was referring to, so we really have covered it. But we can just read it real quick.
Leo: Yeah. He says Nokia started this, and I think other phone companies now do it. I know my Samsung does it. The iPhone does not. Once it's charged, it says, in fact maybe all Android phones now do this, it says "It's charged. Unplug your charger." And he points out chargers consume power even if they're not plugged to a phone. And so that's why they're saying that. It's to save power. I don't - it's not much. But cumulatively, millions of wall warts all over the country, all over the world, that can add up.
Steve: And you know there are different technologies for chargers. The old-school black blob actually had a transformer in it, and you could put your hand on it...
Leo: It's hot.
Steve: ...and it's warm, yeah. I think that Apple's is a much newer technology switching charger. And so it may very well be that it is not drawing quiescent power when the device is not actually using it.
Leo: Switching, though, is much more expensive to implement. And that's, of course - figures Apple would do that.
Steve: And it makes them so tiny and cute and white and everything, yeah.
Leo: And white. All switching power supplies are white.

Question: [ 08 ] - Tom Burns

Hey, Steve. Perhaps this is a bit obvious, but I thought it was worth mentioning. First, no matter how long your password is, if it's the same across sites, then it's susceptible to password honeypots, sites that would capture your username and password either intentionally or through being compromised, and attempt to reuse the password and ID elsewhere. So let's say you sign up for thinking it's Twitter or something, and you give it a login, a password, unique, but except that you use this same password everywhere. Then they would know and try your password elsewhere. Second, and perhaps this is a bit farfetched for the moment, any site that can capture your password and initiate a robo-login attempt with the same credentials across all of the common banking sites can be trained to look for low-entropy passwords and flag the padding for human investigation. Oh, that's interesting. If your technique of password padding became commonplace, this would be the next logical place for hackers to go. Your listeners may want to either not use padding for less than completely trusted sites or have different types of padding for different types of sites. Tom Burns in Chicago.
So this notion of a password honeypot was interesting because I took it to mean something, a variation on things we've seen before. Remember once upon a time there were sites that offered you to sign up for contests. And they would, yes, and they wanted your email address. And, I mean, you ended up getting spam as a consequence of that. So they were harvesting email addresses and telling you that, oh, sign up for this, and then we're entering you in a drawing, and there's a chance, I mean, we're talking old school. This was a long time ago. But a lot of people were doing that. And so you could certainly imagine a site which wants you to create accounts, asks you to create an account where you identify yourself with your email address and a password. They're not saying use the same - they're not explicitly saying use the same password you use everywhere. But they're assuming that people are going to, if they're not very security conscious. And then they go and try to log on with the same credentials in lots of other common websites. And if someone is using the same email address and password, that's going to succeed. So it certainly is possible for a malicious password honeypot site to be created. And I wanted to take this opportunity, one of the reasons I saw this question, is just to remind people that I've, with things like Password Haystacks and the one-time passwords and Off The Grid and all these things that I've done, those have been sort of research and experimental things. I'm using LastPass. I'm completely happy with LastPass. I mean, I'm now dependent upon LastPass. Every so often I'll get worried about the fact that I don't know what any of my passwords are anymore. So I'll make a backup copy of the LastPass Vault offline so that I have it all. And sometimes something, if I don't have it, it's like, oh, shoot. And I'll have to go manually open up my LastPass Vault. So just wanted to make sure that people know that I'm still LastPass.

Question: [ 09 ] - Steve

Regarding the router rebooting which allows direct PC connection to the Internet, isn't it true that a PC that has already booted has a locally assigned IP address (e.g., 192.x.x.x)? If so, doesn't that mean that it is not routable from the Internet? Therefore there's no exposure, unless the PC happens to be rebooting at the same time the router is in "switch mode"?

It was revealed that some of the fancier routers that are doing a lot of things are, as we know, typically a Linux OS; but that the other layers of technology, like the NAT and the stateful packet inspection firewall and so forth, are additional services that do not start up immediately. And we heard it has been verified that some of these routers are simple bridges between the Internet and your internal network until they get fully booted, which means your home network is exposed to the Internet with no protection while the router is rebooting. Isn't that interesting? And it is the case. So what Steve has said is, like, wait a minute, the machines on your home network would be private IPs, 192.168.what.what. So even if the router was rebooting, your machines would still have a private IP so they wouldn't be able to get on the Internet. What we realized a couple weeks ago was that, if your PC was asking for DHCP renewal, if you were renewing your DHCP lease, while the router was rebooting, you would actually - it would pass right through the router, and you would get a DHCP IP from your ISP, that is, a public IP rather than a private IP, because your router is just bridging the Internet traffic through. So Steve's right that your machines on the private LAN would have private IPs. But the important thing is that their stack, their TCP/IP stack, would still be exposed directly. So it's not that they wouldn't be able to get on the Internet, which they wouldn't because they'd have a private IP, 192.168.whatever, but that incoming traffic would be passing directly through the router and hitting their machine. So the good news is, and we did talk about this at the time, most PCs have software firewalls now that are running, that are protecting them themselves. But on the other hand, we are depending upon our routers often for security. 
And so it is the case that the router is not providing us that unsolicited incoming packet dropping and security during this interval, until it finishes booting. So I would contend there is still some window of vulnerability which is just to sort of keep aware of. Yeah, interesting.

Question: [ 10 ] - Anthony

Hi, Steve. I'm sure you know some of Microsoft's updates fail, for instance the latest one, KB2618444, the cumulative security update for IE 9. Even the support forum hasn't been much help. I do not use IE, but I want to keep it up to date, of course. Will my system not having this update adversely affect my security, even though I don't use Internet Explorer at all? And, if so, how can the updates that fail even after multiple tries be downloaded? I don't remember this subject specifically coming up on the Security Now! podcast. No, but it comes up all the time on The Tech Guy. If you think it's relevant, maybe you could address it briefly. I've been listening to Security Now! for years and enjoy it very much. Keep up the good work.


Steve: And Leo, I don't know if you've got any magic solution.
Leo: Oh, I do, yeah. Comes up a lot.
Steve: Yeah. What do you tell people?
Leo: Well, there's two things. I'll answer both questions. First of all, updates, think about it, if you're doing an update in place of an operating system, it's like changing the table cloth by whipping it out and putting a new one in there. It's not always going to work. In fact, it's amazing it works as well as it does.
Steve: That was going to be my first comment, was I'm not surprised when it fails, I'm surprised when it doesn't.
Leo: I mean, really, you're modifying a system, you're building a plane while it's in flight. You're changing the engine, so - to add yet another metaphor. So when they fail, what happens often is - and this is actually the more serious issue. If an update has failed, it will not then go on to do other updates, and you will not be able to add future updates until that one update gets done. It's blocking. So Microsoft has a very long tech note - I'll see if I can find it again, we put it in our show notes all the time at The Tech Guy show - explaining the 38 different things you can try if you've got a failed update, including clearing the registry. Mostly it's clearing a registry setting, undoing it and so forth. Now, if you have an update that you really want, you don't have to use automatic update, in-place update. You can change Windows Update. If you go into Windows Update and go into the settings on the left there, you can do a - because think about this. Administrators at a business with hundreds of PCs, they don't want to go to each PC one by one and do an auto update. They download the file once and then apply it over the network, or they go from machine to machine. So Windows Update does allow you, you can actually go to the updates and download individual update files all by themselves. This is what I do, for instance, for system packs because they're so big. I just want to put the 700MB download on a USB key and then update all my various systems, yeah.
Steve: And carry it around, yup.
Leo: So you can go into the settings of - I don't remember the step-by-step, but it should be pretty apparent. Go into the settings and go to, I think it's called the "Catalog" of updates, and go to individual updates and get them. If it's stalled, though, I'll tell you before this show's over - we've got a couple more questions. I'll let you answer those, and I will find the knowledge base article. You can also Google - go to Microsoft. Don't even Google it. Microsoft has a great site,, where you can search for "failed update," and you'll find all the articles in there and all the different things you can do. But the problem is it's not just one thing. There's a variety of different solutions, depending on how it got stuck. And it happens all the time.
Steve: I know. I've got several machines which I've - like older machines that have just stopped being able to be updated because something, a screw loose, occurred. And it just, like, says, okay, updates have failed. And it's like, okay, you know. And I've rebooted. And sometimes if they come up - if Microsoft comes up with a service pack, that'll sort of flush everything and make it current again, and it'll kind of come back to life. And I've sort of screwed around, rebooted a few times, and it's sort of, like, oh, look, it's fixed itself. But it's, I mean, it is black magic.
Leo: Yeah. They'll get stuck. Here's an article updated on Halloween 2011, appropriately, Rev. 7.0 of this article. It's at the site, Article No. 906602: "How to Troubleshoot Common Windows Update, Microsoft Update, and Windows Server Update Services Installation Issues." And it's really kind of a meta article that will link to a lot of other articles that will help you a little bit. And there's, as you can see, there's, well, let's see, I can't even count the number of related articles, various error codes and so forth. So there you go.
Steve: Yup.
Leo: Windows Update stalled, Windows Update failed, Windows Update blocked, all of that stuff. There's a lot of different ways to do it. Most of the time you just edit the registry to say, hey, start over.
Steve: Or there is the reformat command.
Leo: Well, it's funny because somebody in our chatroom said, "I had this happen to me, and Microsoft sent me a Windows 7 DVD and said, 'Just reinstall.'" It's a good solution.

Question: [ 11 ] - Gord

You said, "Ever since I was in high school, I spent the $400 I saved up from a summer job to buy myself the HP-41, which was the very first scientific calculator HP produced. So I have long loved those machines." Steve, actually it was HP-35 was the first scientific calculator. He knows, because he still has it on his desk along with his Pickett metal slide rule. Yeah. The original HP-35s were distinguished as they did not indicate the 35 on the front label. It was only after the introduction of the 45 did they have to put "35" on the old ones. I also have a 15c I still use on a daily basis. Regards.

Question: [ 12 ] - Tom Walker

Thanks for the great show and thorough prep work you put into it. I'm curious. What are the three boxes of flashing lights over your left shoulder?

I figured once a year, for people who are watching the video. So, Tom, those are reproductions of the classic original Digital Equipment Corporation (DEC) PDP-8 mini computer, which I built a few years ago from a kit which was made available. And I participated in the creation of the kit, and actually a number of our listeners purchased them and built them also. So I have them running because that's pretty much all they're good for is flashing the lights. But I grew up watching "Voyage to the Bottom of the Sea" with the Seaview and the computer and "Time Tunnel" and "Lost in Space." And you've got to have banks of blinking lights. That's just part of the thing you need. So I figured, in my own little way, I have some blinking lights going on. And every so often I look at them, and they warm my heart a little bit. It's like, aw, remember them. I've got a whole subsite with the code that I wrote and the creation of those and demo videos that show how they work and what they do. So, yeah.



